Binance notes that though some of the photos match actual accounts others are lacking key details or show evidence of manipulation.

“The latest evidence of this investigation indicates that some of the leaked images overlap with images that were processed by a third-party vendor, which Binance contracted a few times between early December 2017 and late February 2018,” wrote the team. “During our review of the leaked images, there were multiple photoshopped or otherwise altered images which do not match the KYC images in our database and are being accounted into the comprehensive investigation. In addition, every image processed through Binance for KYC purposes is embedded with a concealed digital watermark, which was notably absent from all of the leaked images.”

The suggestion that the KYC data included edited images is consistent with our own findings which suggests that KYC information had been modified or used to create fraudulent accounts on Binance. Our own research also suggests more KYC information is available but that has not yet been independently verified via our sources.

“We have robust measures in place to safeguard our customers’ assets and information, including an updated KYC verification system and AI-based facial verification function introduced in 2018, as well as the storage and indexing of KYC data with sophisticated data security technology upgraded in 2019,” wrote the company.

The company has reached out to potential victims and they are offering them lifetime VIP membership. The company recommends affected users “apply for new identification documents in their respective region.”

We have requested further context from Binance regarding the scale of the hack.